[OpenSSL] Understanding TLSv1.2
Problem: the storage system used by the project upgraded its SSL/TLS version to 1.2, after which this system could no longer establish an SSL connection to it.
Cause: https://blog.csdn.net/tawlang/article/details/80655460
With the same keystore, a client running on JDK 8 completes the TLS handshake with the remote system and the SSL connection is established.
With a client running on JDK 6, the TLS handshake fails (the TCP connection itself is not the problem; it is the TLS negotiation on top of it that breaks down).
The root-cause analysis is that JDK 6 (older builds) lacks the cryptographic algorithm support required to communicate over TLS 1.2, so it cannot negotiate that protocol version at all.
Related background:
Transport Layer Security (TLS)
https://www.networkworld.com/article/2303073/lan-wan-what-is-transport-layer-security-protocol.html
https://xz.aliyun.com/search?keyword=TLS
Keystore
https://www.sohu.com/a/195090448_604699
https://blog.csdn.net/wteruiycbqqvwt/article/details/90764611
Older JDK 6 builds do not support TLSv1.2.
Support only arrived with the Java SE Advanced release 6u121.
But the Advanced JDK releases are paid...
https://www.oracle.com/technetwork/java/javase/overview-156328.html#R160_121
security-libs/javax.net.ssl
TLS v1.2 support now available
TLS v1.2 is now a TLS protocol option with the release of JDK 6u121. By default, TLSv1.0 will remain the default enabled protocol on client sockets.
As an example, both the TLSv1.1 and TLSv1.2 protocols can be enabled for use on SSL/TLS connections via SSLSocket/SSLEngine/SSLServerSocket APIs:
e.g. sslSocket.setEnabledProtocols(new String[] { "TLSv1.1", "TLSv1.2"});
or by setting up and using a TLSv1.2 based SSLContext:
e.g. SSLContext ctx = SSLContext.getInstance("TLSv1.2");
or by using the SSLParameters API:
e.g. sslParameters.setProtocols(new String[] {"TLSv1.1", "TLSv1.2"});
The new jdk.tls.client.protocols System Property may also be used to control the protocols in use for a TLS connection (JDK-8151183).
One may launch their application with this property. E.g. java -Djdk.tls.client.protocols="TLSv1.2" will enable only TLSv1.2 on client SSLSockets.
Note that protocol versions specified via the new jdk.tls.client.protocols property will suppress any value set via the jdk.tls.client.enableSSLv2Hello property. SSLv2Hello can be passed to the jdk.tls.client.protocols value if necessary.
See JDK-8133817
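The release note above lists the APIs but not how to confirm, on the JDK actually in use, whether TLSv1.2 is available and whether the remote storage system accepts a TLSv1.2-only handshake with the project's keystore. The following probe is an added example written for this note; it is not code from the original page, from Oracle, or from the project. It assumes the host, port and keystore path are passed on the command line, and that the same keystore holds both the client key material and the trust anchors (the note only says "the same keystore" was used on JDK 6 and JDK 8). It is written in Java 6 syntax on purpose so it compiles on the affected JDK; on a JDK 6 build older than 6u121 the TLSv1.2 check fails cleanly instead of attempting the connection.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.security.KeyStore;
import java.security.NoSuchAlgorithmException;
import java.util.Arrays;
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.TrustManagerFactory;

/**
 * TlsProbe (hypothetical helper written for this note, not from the original page):
 * 1. report the protocol versions the running JDK supports / enables by default,
 * 2. check whether a TLSv1.2 SSLContext can be created at all,
 * 3. if it can, load the given keystore and force a TLSv1.2-only handshake with the peer.
 * Java 6 syntax on purpose (no try-with-resources) so it compiles on the affected JDK.
 */
public class TlsProbe {

    /** Protocol versions the default provider claims to support (not the enabled set). */
    public static String[] supportedProtocols() throws NoSuchAlgorithmException {
        return SSLContext.getDefault().getSupportedSSLParameters().getProtocols();
    }

    /** Protocol versions enabled by default on client sockets (only TLSv1.0 on 6u121, per the release note). */
    public static String[] defaultEnabledProtocols() throws NoSuchAlgorithmException {
        return SSLContext.getDefault().getDefaultSSLParameters().getProtocols();
    }

    /** True if this JDK can build a TLSv1.2 context; false on JDK 6 builds older than 6u121. */
    public static boolean supportsTls12() {
        try {
            SSLContext.getInstance("TLSv1.2");
            return true;
        } catch (NoSuchAlgorithmException e) {
            return false;
        }
    }

    /**
     * Build a TLSv1.2 SSLContext. Assumption: the one keystore provides both the
     * client key/certificate and the trust anchors for the storage system.
     * A null password is accepted by KeyStore.load when integrity checking is not needed.
     */
    public static SSLContext buildTls12Context(String keystorePath, char[] password) throws Exception {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        InputStream in = new FileInputStream(keystorePath);
        try {
            ks.load(in, password);
        } finally {
            in.close();
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, password);
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        // Throws NoSuchAlgorithmException on a JDK without TLSv1.2 support.
        SSLContext ctx = SSLContext.getInstance("TLSv1.2");
        ctx.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
        return ctx;
    }

    /**
     * Connect, restrict the socket to TLSv1.2 only (the setEnabledProtocols call from the
     * release note, narrowed to a single version) and force the handshake. Returns the
     * negotiated protocol and cipher suite; a failed handshake surfaces as an IOException.
     */
    public static String probe(SSLContext ctx, String host, int port) throws IOException {
        SSLSocket s = (SSLSocket) ctx.getSocketFactory().createSocket(host, port);
        try {
            s.setEnabledProtocols(new String[] { "TLSv1.2" });
            s.startHandshake();
            return s.getSession().getProtocol() + " / " + s.getSession().getCipherSuite();
        } finally {
            s.close();
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("java.version      = " + System.getProperty("java.version"));
        System.out.println("supported         = " + Arrays.toString(supportedProtocols()));
        System.out.println("enabled (default) = " + Arrays.toString(defaultEnabledProtocols()));
        if (!supportsTls12()) {
            System.out.println("No TLSv1.2 provider in this JDK: a TLS 1.2-only peer cannot be reached from here.");
            return;
        }
        if (args.length < 3) {
            System.out.println("usage: java TlsProbe <host> <port> <keystore> [password]");
            return;
        }
        char[] pw = args.length > 3 ? args[3].toCharArray() : null;
        SSLContext ctx = buildTls12Context(args[2], pw);
        System.out.println("negotiated        = " + probe(ctx, args[0], Integer.parseInt(args[1])));
    }
}
```

Run it once under each JDK (`javac TlsProbe.java && java TlsProbe <host> <port> <keystore> [password]`): on JDK 8 the supported list contains TLSv1.2 and the probe prints the negotiated protocol, while on a pre-6u121 JDK 6 the `supportsTls12()` check fails and the program stops before touching the network, which is exactly the distinction the note's root-cause analysis describes. The socket-level `setEnabledProtocols` call is used here rather than the `jdk.tls.client.protocols` system property because it does not depend on how the application is launched; on 6u121 or later the property is the equivalent no-code alternative.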
On the JDK licensing question:
https://blog.csdn.net/Kaitiren/article/details/85066935